Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22680 | 1 Synology | 1 Diskstation Manager | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2021-38148 | 1 Obsidian | 1 Obsidian | 2022-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs. | |||||
| CVE-2022-22833 | 1 Servisnet | 1 Tessa | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request. | |||||
| CVE-2020-12988 | 1 Amd | 122 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 119 more | 2022-02-10 | 7.8 HIGH | 7.5 HIGH |
| A potential denial of service (DoS) vulnerability exists in the integrated chipset that may allow a malicious attacker to hang the system when it is rebooted. | |||||
| CVE-2019-15363 | 1 Leagoo | 2 Power 5, Power 5 Firmware | 2022-02-10 | 2.1 LOW | 5.5 MEDIUM |
| The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. | |||||
| CVE-2021-41360 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-10 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-40453. | |||||
| CVE-2021-40453 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40452, CVE-2021-41360. | |||||
| CVE-2021-40452 | 1 Microsoft | 1 Hevc Video Extensions | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40453, CVE-2021-41360. | |||||
| CVE-2021-45897 | 1 Salesagility | 1 Suitecrm | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution. | |||||
| CVE-2020-8782 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | |||||
| CVE-2020-8781 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2022-02-09 | 7.2 HIGH | 7.8 HIGH |
| Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. | |||||
| CVE-2019-11855 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | |||||
| CVE-2017-8036 | 1 Cloudfoundry | 1 Capi-release | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. | |||||
| CVE-2020-13364 | 1 Zyxel | 8 Nas326, Nas326 Firmware, Nas520 and 5 more | 2022-02-09 | 9.0 HIGH | 8.8 HIGH |
| A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | |||||
| CVE-2021-36152 | 1 Apache | 1 Gobblin | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. | |||||
| CVE-2022-23330 | 1 Jpress | 1 Jpress | 2022-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | |||||
| CVE-2021-32024 | 1 Blackberry | 1 Qnx Software Development Platform | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. | |||||
| CVE-2021-45471 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2022-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | |||||
| CVE-2021-45463 | 4 Fedoraproject, Gegl, Gimp and 1 more | 4 Fedora, Gegl, Gimp and 1 more | 2022-02-07 | 6.8 MEDIUM | 7.8 HIGH |
| load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. | |||||
| CVE-2018-12713 | 1 Gimp | 1 Gimp | 2022-02-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. | |||||